QwikSec

Security Database

CVE

CWE

Training

CVE-2016-1000343

Published: Jun 4, 2018

Modified: Aug 6, 2024

PUBLISHED

Description

In the Bouncy Castle JCE Provider version 1.55 and earlier the DSA key pair generator generates a weak private key if used with default values. If the JCA key pair generator is not explicitly initialised with DSA parameters, 1.55 and earlier generates a private value assuming a 1024 bit key size. In earlier releases this can be dealt with by explicitly passing parameters to the key pair generator.

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

[debian-lts-announce] 20180707 [SECURITY] [DLA 1418-1] bouncycastle security update

mailing-list

x_refsource_MLIST

vendor-advisory

x_refsource_REDHAT

vendor-advisory

x_refsource_UBUNTU

vendor-advisory

x_refsource_REDHAT

[lucene-solr-user] 20190104 Re: SOLR v7 Security Issues Caused Denial of Use - Sonatype Application Composition Report

mailing-list

x_refsource_MLIST

https://www.oracle.com/security-alerts/cpuoct2020.html

x_refsource_MISC

https://security.netapp.com/advisory/ntap-20181127-0004/

x_refsource_CONFIRM

https://github.com/bcgit/bc-java/commit/50a53068c094d6cff37659da33c9b4505becd389#diff-5578e61500abb2b87b300d3114bdfd7d

x_refsource_CONFIRM

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.